Resource trust model for securing component state data for a resource using blockchains

ABSTRACT

Systems and methods employ a blockchain for managing component state data for each component of a resource, where the resource has a plurality of different components. In accordance with some aspects, a resource data block is generated for a resource that has a plurality of components. The resource data block includes a first link to a first component data block that corresponds to a first component of the plurality of components for the resource. The resource data block is committed to a blockchain.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. Pat. Application No.17/499,649, filed Oct. 12, 2021, which is a continuation of U.S. Pat.Application No. 16/384,362, filed Apr. 15, 2019 (issued as U.S. Pat. No.11,188,384), which claims the benefit of U.S. Provisional Pat.Application No. 62/757,033, filed Nov. 7, 2018. Each of theaforementioned is herein incorporated by reference in its entirety forall purposes.

BACKGROUND

Systems are typically constructed of many components, such as datasubsets, subsystems, and modules. For example, a database is oftencomposed of many data subsets. In another example, a computer typicallyincludes multiple hardware subsystems, e.g. motherboard, memory, BIOS,communication devices, etc., and software subsystems, e.g. operatingsystem (OS), device drivers, libraries, etc. In yet another example, anapplication often includes many modules and libraries.

Typically, many components of a system can be added, updated orreplaced. For example, a data base can have many data subsets orlibraries that can be modified. In a computer, a BIOS can be updated, amemory module replaced, or an operating system can be replaced with anew version or patched. An application can be updated. Libraries can bemodified. Device drivers can be installed, modified or removed.

Often, many different entities can be involved in adding modifyingcomponents in a system. For example, an original equipment manufacturer(OEM) for a computer typically adds the computer’s motherboard, memorymodule and operating system. However, the operating system is oftenupdated by the maker of the OS or device drivers are added bymanufacturers who provide devices obtained and attached by users. Ascomponents are added or changed, it can be difficult to securely recordthe changes made by multiple entities.

Systems can often be compromised or corrupted when changes areintroduced. Therefore, it can sometimes be beneficial to be able totrace the changes to determine where a system compromise or corruptionwas introduced. Currently, it can be difficult or impossible to knowwhat changes have been made to a system over its lifecycle.

It is with respect to these and other considerations that the disclosuremade herein is presented.

SUMMARY

Technologies are disclosed regarding a resource trust model for securelyrecording component installations and updates for a resource, such as asystem, database, or application, using a blockchain, where anoriginator of the resource creates a resource data block for theresource on a blockchain. An addition or modification of a component forthe resource can be recorded in a component state data block on ablockchain that is linked to the resource data block for the resource.Subsequent modifications to the component can also be recorded in acomponent state data block. Modifications to the resource are securelyrecorded on the blockchain and can be traced.

A component state data blockchain can be established by an originator orsource of component state data, such as digital audio, video,photographs, images, text or a streaming service for digital video,photographs, images, or text. Alternatively, component state data blockscan be generated the source and linked to an existing blockchain, suchas the ETHERIUM blockchain.

The source generates a component state data block that includes thecomponent state data and includes methods for accessing the componentstate data. The component state data block can also include one or morerequired uses define by the source for the component state data, such asa particular user or transferee, a number of uses, a number of users, ageographical limit on use, or a device limitation on use.

Examples of the disclosed technology concern methods, systems and mediafor storing component state data for components of a resource thatinvolve generating a resource data block that corresponds to a resource,where the resource data includes one or more links and each linkcorresponds to one of one or more components of the resource. Thisexample of the disclosed technology also involves generating a firstcomponent state data block for a first component of the resource on ablockchain, where the first component state data block for the firstcomponent includes a first set of state data corresponding to the firstcomponent, and setting the link that corresponds to the first componentto reference the first component state data block.

In certain examples, the step of generating a resource data block thatcorresponds to a resource involves generating a resource data block thatcorresponds to a resource by a resource originator entity and the stepof generating a first component state data block for a first componentof the resource on a blockchain includes requiring the first componentstate data block to be signed by the resource originator entity.

Other examples involve generating a second component state block for thefirst component, the second component state block for the firstcomponent including second state data corresponding to the firstcomponent and linking the second component state data block to the firstcomponent state data block.

In particular examples, the step of generating a resource data blockthat corresponds to a resource involves generating a resource data blockthat corresponds to a resource by a resource originator entity and thestep of generating a second component state data block for the firstcomponent comprises generating the second component state block for thefirst component by a component provider entity. These examples alsoinclude requiring the second component state data block to be signed bythe resource originator entity and the component provider entity.

Still other examples involve, generating a second component state datablock for a second component on the blockchain, the second componentstate data block for the second component including first state data forthe second component and setting the link in the resource data blockthat corresponds to the second component to reference the firstcomponent state data block for the second component on the blockchain.

In yet another example, the step of generating a resource data blockthat corresponds to a resource, where the resource data includes one ormore links and each link corresponds to one of one or more components ofthe resource includes generating a null component state data block foreach of the one or more components of the resource and, for each one ofthe one or more components, setting the link that corresponds to thecomponent to reference the null component state data block for thecomponent. In this example, the step of setting the link thatcorresponds to the first component to reference the first componentstate data block involves linking the first component state data blockto the null component state data block for the first component.

In various examples, the resource can be a system and the firstcomponent is a subcomponent of the system, the resource can be a serviceand the first component is a component of the service, the resource canbe a database and first component is a subset of data, the resource canbe an operating system and the first component is one a library, amanagement subsystem or a device driver, or the resource can be anapplication and the first component is an update to the application.

It should be appreciated that the above-described subject matter mayalso be implemented as a computer-controlled apparatus, a computerprocess, a computing system, or as an article of manufacture such as acomputer-readable medium. These and various other features will beapparent from a reading of the following Detailed Description and areview of the associated drawings. This Summary is provided to introducea selection of concepts in a simplified form that are further describedbelow in the Detailed Description.

This Summary is not intended to identify key features or essentialfeatures of the claimed subject matter, nor is it intended that thisSummary be used to limit the scope of the claimed subject matter.Furthermore, the claimed subject matter is not limited toimplementations that solve any or all disadvantages noted in any part ofthis disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

The Detailed Description is described with reference to the accompanyingfigures. In the figures, the left-most digit(s) of a reference numberidentifies the figure in which the reference number first appears. Thesame reference numbers in different figures indicate similar oridentical items.

FIG. 1 is an architectural diagram showing an illustrative example of asystem for a storing component state data for components of a resourceusing a blockchain;

FIG. 2A is a data architecture diagram showing an illustrative exampleof a resource data blockchain and component state data blockchainsecuring resource and component state data for resources;

FIG. 2B is a data architecture diagram showing another illustrativeexample of a resource data blockchain with links populated for componentstate data blocks provisioned for resources;

FIG. 2C is a data architecture diagram showing an illustrative exampleof a resource data blocks referencing component state data blockssecured on a blockchain, where the component state data blocks for aseries of modifications of the component are stored on the blockchain;

FIG. 3A is a data architecture diagram showing an illustrative exampleof a resource originator environment for a resource creating a resourcedata block that includes a pointer to a component state data blockchainfor the component that illustrates an example of a series ofmodifications of the component that are recorded on the component stateblockchain;

FIG. 3B is a data architecture diagram showing an illustrative exampleof a resource data block that includes code for methods for initializingcomponents for the resource, updating the component to a new state, andauditing the history of component state data for the component;

FIG. 4A is a control flow diagram showing an illustrative example of aprocess for a resource originator entity to create a resource data blockon a resource data blockchain for a resource;

FIG. 4B is a control flow diagram showing an illustrative example of aprocess for a component provider to create a component state data blockon a component state data blockchain to record a state update for thecomponent, where the resource originator maintains control over thestate update;

FIG. 4C is a control flow diagram illustrating an example of a processfor auditing a history of component state updates for a component bytracing the component state data blockchain for the component;

FIG. 4D is a control flow diagram illustrating an example of avalidation process for blocks added to the resource data blockchain orcomponent state data blockchain distributed to untrusted nodes;

FIG. 5 is a data architecture diagram showing an illustrative example ofa user using an application programming interface to access componentstate data on a component state data blockchain;

FIG. 6A is a data architecture diagram illustrating a simplified exampleof a blockchain ledger based on the resource data blocks of the resourcedata blockchain or component state data blocks of the component statedata blockchain of FIG. 1 ;

FIG. 6B is a data architecture diagram showing an illustrative exampleof smart contract code, transactions and messages that are bundled intoa block so that their integrity is cryptographically secure and so thatthey may be appended to a blockchain ledger;

FIG. 7 is a computer architecture diagram illustrating an illustrativecomputer hardware and software architecture for a computing systemcapable of implementing aspects of the techniques and technologiespresented herein;

FIG. 8 is a diagram illustrating a distributed computing environmentcapable of implementing aspects of the techniques and technologiespresented herein; and

FIG. 9 is a computer architecture diagram illustrating a computingdevice architecture for a computing device capable of implementingaspects of the techniques and technologies presented herein.

DETAILED DESCRIPTION

In the context of resource state data, it is sometimes advantageous fora resource originator entity or originator of a resource (such as systemhardware, services, databases, drivers or applications) to securelycontrol and maintain a record of state data for one or more componentsof the resource (such as subsystems, data sets, data or code modules,libraries or key data).

For example, when a problem is discovered in a component in a resource,e.g. the component is found to have failed or has been corrupted orcompromised, it can be highly useful to be able to trace the history ofthe component to determine the source of the problem and evaluate theimpact of the problem. When a memory module fails, for example, thecomponent state data for the module can be useful to identify a sourcefor the faulty module. Likewise, if a device driver is found to bedefective, the component state data can be useful to isolate when thedevice driver was installed in the resource and the resource originatorentity that provided the device driver in order to isolate the fault. Inanother example, when a component is found to be compromised, it can beimportant to examine the history of the component to determine when thecomponent was compromised and the resource originator entity for thecompromised component in order to isolate the security breach.

It can also be beneficial for the component state data to be securelymaintained and immutable so that the data cannot be changed and istherefore reliable for auditing purposes. Further, it can be beneficialfor data regarding the components provisioned on the system to bereadily accessible to many entities that may use the data for auditing,fault or security breach isolation or other purposes.

Currently, there do not appear to be good conventional solutions formonitoring the state of a resource and its components. Some componentstate data can be collected and maintained by an original source for aresource, such as through product registrations or account logs.However, these approaches are generally fragmented among multipleentities, such as the original source of the resource and multipledifferent providers of components.

Such state data as does exist may not include historical data to enableforensic tracing of a component. Further, the security of the state datais typically unknown to outside observers and, therefore, not known tobe reliable. Further, any component data that does exist among themultiple entities is typically not accessible outside of the entity thatmaintains that particular component data.

In general terms, the disclosed technology utilizes one or moreblockchains to maintain a resource data block pertaining to a resourcethat includes data for one or more components of the resource. When acomponent is provisioned in the resource, a component state data blockis created with metadata for the provisioned component and stored in ablockchain and a link to the component state data block for thecomponent is stored in the resource data block. When the component isupdated, replaced or otherwise modified, another component state datablock is created with metadata for the component, such as dataindicating the modification to the component and an identifier for theentity making the modification.

The following Detailed Description describes technologies for securelymaintaining a record of state data for one or more components of aresource, where a resource originator entity for the resource can createa resource data block on a blockchain that can include a definition ofthe components of the resource. The resource data block can also includea link for each component to a component state data blockchain thatstores state data relating to the component and historical dataregarding modifications to the component of the resource.

For example, a computer manufacturer can create a resource data blockthat includes a serial number for a computer that the manufacturer hasproduced along with a definition of the components of the computer, e.g.mother board, memory components, power supply, mass storage devices,sensors, user interfaces, networking devices, video card, operatingsystem, applications, etc. When a component is added to the resource,e.g. a memory card, a component state data block is created thatincludes metadata for the component, e.g. manufacturer, model number,serial number, etc. A link to the component state data block for thecomponent is stored in the resource data block. When the component ismodified or replaced, then a new component state data block is createdwith metadata describing the modification and a link to the newcomponent state data block is stored in the resource data block.

Note that, in some scenarios, different entities can provide thecomponents for the resource. As the resource is provisioned with acomponent, the provider of the component can, in some examples, createthe component state data block and update the resource data block withthe link to the component state data block. In some examples,modifications or additions to the resource data block for a resource oradditional component state data blocks can require a signature of theresource originator entity.

The resulting resource data block and associated component state datablocks can provide a record of the components provisioned on a resourcealong with the component state data for the components and a traceablehistory for the components.

A resource data blockchain and component state data blockchain can beestablished by resource originator entity for a resource, such as anoriginal equipment manufacturer (OEM), an operating system provider, oran application developer. Alternatively, resource data blocks andcomponent state data blocks can be generated by the resource originatorentity and linked to an existing blockchain, such as the ETHERIUMblockchain.

The resource data in a resource data blockchain or the component statedata in a component state data blockchain can be encrypted so that itcan only be accessed through the methods of the blocks. Other content inthe block, such as the methods, can also be encrypted to preventunauthorized access to the content or to control access to the content.For example, the resource data or component state data can be encryptedusing a public-private key pair, where a public key for the resourceoriginator entity is used to encrypt data and a corresponding privatekey is used to decrypt data. In some examples, another entity, such as acomponent provider, can be provided with a key to access the data.

A technical advantage of the disclosed resource trust model forcomponent state data technology includes securely maintaining the dataon a blockchain that can be widely accessed through the internet.Another technical advantage of the disclosed component state datatechnology is the distributed nature of the blockchain, which preventsan unauthorized entity from modifying or corrupting the component statedata at any single point. Other technical effects other than thosementioned herein can also be realized from implementation of thetechnologies disclosed herein.

By the use of the technologies described herein, one or more blockchainscan be used to securely maintain traceable state data regarding aresource and its components. In a resource data block on a blockchain,data regarding a resource is stored that can include informationregarding the resource along with information regarding one or morecomponents for the resource, which can include a link to a componentstate data block for the component that contains component state data.The component state data blocks can be stored in a component state datablockchain to securely and immutably store component state data in amanner that provides wide access to the data so that the component statedata can be readily accessed and traced by users with network access tothe blockchain.

As will be described in more detail herein, it can be appreciated thatimplementations of the techniques and technologies described herein mayinclude the use of solid state circuits, digital logic circuits,computer components, and/or software executing on one or more inputdevices. Signals described herein may include analog and/or digitalsignals for communicating a changed state of the data file or otherinformation pertaining to the data file.

While the subject matter described herein is presented in the generalcontext of program modules that execute in conjunction with theexecution of an operating system and application programs on a computersystem, those skilled in the art will recognize that otherimplementations may be performed in combination with other types ofprogram modules. Generally, program modules include routines, programs,components, data structures, and other types of structures that performparticular tasks or implement particular abstract data types. Moreover,those skilled in the art will appreciate that the subject matterdescribed herein may be practiced with other computer systemconfigurations, including multiprocessor systems, mainframe computers,microprocessor-based or programmable consumer electronics,minicomputers, hand-held devices, and the like.

In the following detailed description, references are made to theaccompanying drawings that form a part hereof, and in which are shown byway of illustration specific configurations or examples. Referring nowto the drawings, in which like numerals represent like elementsthroughout the several figures, aspects of a computing system,computer-readable storage medium, and computer-implemented methodologiesfor a component state data blockchain ledger will be described. As willbe described in more detail below with respect to the figures, there area number of applications and services that may embody the functionalityand techniques described herein.

FIG. 1 is an architectural diagram showing an illustrative example of acomponent state system 100 utilizing a resource data blockchain 140 anda component state data blockchain 150. A resource data blockchain can beutilized to securely maintain resource data regarding a resource and acomponent state data blockchain can be utilized to securely maintainstate data relating to components of a resource. The resource data blockcan also be utilized to control access to the resource data andcomponent state data as well as control modifications to the data. Inthe embodiment of FIG. 1 , blockchains 140 and 150 can each be apublicly available blockchain that supports scripting, such as theETHEREUM blockchain, which supports a SOLIDIFY scripting language, orBITCOIN, which supports a scripting language called SCRIPT. Blockchains140 and 150 can also each be a private blockchain, or a combination ofpublic and private blockchains can be utilized. Resource data blocks 142and component state data blocks 152 can also reside on the sameblockchain.

A resource originator environment 110, such as a client device, one ormore servers, or remote computing resources, is controlled by a resourceoriginator entity that creates the resource. In one example, resourceoriginator environment 110 initiates a resource data blockchain 140 bycreated genesis block 142A and initiates a component state datablockchain 150 by creating genesis block 152A. In other examples, theresource data blocks 142 and component state data blocks 152 can beadded to an existing blockchain.

For a resource data blockchain, resource data block 142A, in thisexample, can include resource data regarding a resource, such as a modelnumber, a manufacturer or developer, a serial number, an activationcode, a version number or other descriptive data. The resource datablock can also include data regarding one or more components of theresource, such as a type of component and a link to a component statedata block with state information regarding the component.

For a component state data blockchain, component state data block 142A,in this example, can include component state data for a component, suchas the manufacturer, developer or supplier, a serial number oractivation code, a version number, update identifier, or otherdescriptive data. The component state data block 142 can also include alink to another component state data block relating to a previouscomponent or version of the component.

In some embodiments, the resource originator environment 110 can bereplaced by another computing node, such as a computer on a peer-to-peernetwork, or other computing device.

In the example of FIG. 1 , the resource data is provided by resourceoriginator environment 110 and secured on resource data blockchain 140.The component state data can be provided by resource originatorenvironment 110 or by a supplier of a component and secured on componentstate data blockchain 140. The information in the resource data blocks142 and component state data blocks can be made accessible to otherentities, such as client/servers 120A, 120B or 120C or blockchainplatform 130. In this example, the client/servers 120 can communicatewith resource originator environment 110 as well as a network of serversfor blockchain platform 130 that supports and maintains blockchains 140and 150. For example, the ETHERIUM blockchain platform from the ETHERIUMFOUNDATION of Switzerland provides a decentralized, distributedcomputing platform and operating system that provides scriptingfunctionality.

In one example, resource originator environment 110 owns and controlsthe resource data blocks 142 in resource data blockchain 140. Eachresource data block 142 includes resource data relating to the resourcethat is defined by the resource originator entity using resourceoriginator environment 110. For example, the resource originator entitycan define a serial number and an array of components for the resourceincluding a link to a component state data block for each component.

In this example, resource originator environment 110 can also own andcontrol the component state data blocks 152 in component state datablockchain 150. Each component state data block 152 includes componentstate data relating to the component, such as version or update number,revision date, supplier identifier, etc. When a component is provisionedfor the resource, a component state data block is created and the linkcorresponding to the component in the resource data block set to link tothe component state data block. When the component is modified orreplaced, a new component state data block is created, linked to theprevious component state data block and the link corresponding to thecomponent in the resource data block set to link to the new componentstate data block.

Although resource originator environment 110, at least initially,maintains control over the component state data, the component statedata blockchain 150 can be made accessible to other entities, such asclient/servers 120, so that supplier entities can provide componentstate data stored in the blocks in the blockchain. For example, asupplier entity providing a component or a revision to a component,using a client/server 120, can create a component state data blockrelating to the component or the revision.

In some examples, methods in the component state data blocks can providefor the resource originator entity to maintain control over thecomponent state data blocks by requiring the resource originatorentity’s signature on a new component state data block. In otherexamples, method in the component state data blocks can require both theresource originator entity’s signature and the supplier entity’ssignature on a new component state data block.

In some examples, the resource state data blockchain 140 and componentstate data blockchain 150 may be viewable to other entities through theuse of applications that can access blockchain information. By providingaccess to the resource state data blockchain 140 and component statedata blockchain 150, this approach allows users to readily accessresource data and component state data maintained on the resource statedata blockchain 140 and component state data blockchain 150 under thecontrol of the resource originator entity, e.g. the user of resourceoriginator environment 110.

In another example, aspects of the component state data blockchain 140may be restricted to being viewable only to entities that are authorizedto access the blockchains 140 and 150, such as resource originatorenvironment 110 or component supplier entities, e.g. authorized users ofone of client/servers 120. By restricting access to the blockchains 140and 150, a resource originator entity can preserve greater control orsecurity over the resource and component state data.

FIG. 2A is a data architecture diagram illustrating a simplified exampleof a resource data blockchain ledger 200 based on the blocks 142A-E ofthe resource data blockchain ledger 140 of FIG. 1 . The resource datablockchain ledger 200 example of FIG. 2A is simplified to show blockheaders, metadata and signatures of blocks 210A-E in order todemonstrate storage of resource data using a blockchain. In outline, ablockchain ledger may be a globally shared transactional database.Signatures can, in some examples, involve all or part of the data storedin the data the blocks 142A-E and can also involve public key addressescorresponding to resource origination entities involved in the creationof resources.

The blockchain ledger 200 may be arranged as a Merkle tree datastructure, as a linked list, or as any similar data structure thatallows for cryptographic integrity. The blockchain ledger 200 allows forverification that the resource data, and similarly component state dataon component state data blockchain 150, has not been corrupted ortampered with because any attempt to tamper will change a MessageAuthentication Code (or has) of a block, and other blocks pointing tothat block will be out of correspondence. In one embodiment of FIG. 2A,each block may point to another block. Each block may include a pointerto the other block, and a hash (or Message Authentication Code function)of the other block.

Each block in the blockchain ledger may optionally contain a proof datafield. The proof data field may indicate a reward that is due. The proofmay be a proof of work, a proof of stake, a proof of research, or anyother data field indicating a reward is due. For example, a proof ofwork may indicate that computational work was performed. As anotherexample, a proof of stake may indicate that an amount of cryptocurrencyhas been held for a certain amount of time. For example, if 10 units ofcryptocurrency have been held for 10 days, a proof of stake may indicate10*10=100 time units have accrued. A proof of research may indicate thatresearch has been performed. In one example, a proof of research mayindicate that a certain amount of computational work has beenperformed - such as exploring whether molecules interact a certain wayduring a computational search for an efficacious drug compound.

The blocks 210 of resource data blockchain 200 in the example of FIG. 2Ashows securing resource data with a new resource data block on theblockchain. In one example, resource originator environment 110 of FIG.1 provides the resource data and data identifying an owner of theresource data, an identifier for the resource, and a one or more recordsrelating to components of the resource, which can include an identifierfor a component and a link to a component state data block with statedata for the component when it creates resource data block 210A. Theresource originator environment 110 signs the resource data block 210Aand the blockchain system within which blockchain 200 is createdverifies the resource data block based on a proof function.

Note that the component state data blockchain 150 illustrated in FIG. 1can take a similar form with component state data blocks 152 that caninclude data pertaining to the corresponding component, such as a serialnumber, model or version number, date of installation, etc. Componentstate data blocks 152 for successive versions, updates or replacementsfor the component can be linked together on the same or a differentblockchain such that a history of the component in the resource isimmutably and traceably stored using a blockchain.

Note that a variety of approaches may be utilized that remain consistentwith the disclosed technology. In some examples relating to resourcedata and component state data, the user of resource originatorenvironment 110 is a required entity or the only entity permitted toverify or validate resource data blocks 142 or component state datablocks 152. In other examples, other entities, such as authorizedcomponent supplier entities, can verify or validate component state datablocks 152.

In the example of FIG. 2A, resource data blocks 210 of resource datablockchain 200 include resource data, such as a resource identifier andcomponents links for components of the resource, along with a signatureof a resource originator. In the example of FIG. 2A, each resource datablock 210 contains an array of component state pointerscomp_state[n].ptr that can link to corresponding component state datablocks that include state data for components of the resource. Note thata resource originator can create resource data blocks with differentnumbers of components depending upon the resource.

To add a resource data block with new resource data, the resourceoriginator environment 110 creates resource data block 210B, whichidentifies the component state data, e.g. ResourceID_2, and thecomponent state array, e.g. comp_state[n], and links block 210B to block210A. The resource originator environment 110 signs resource data block210B and commits block 210B to blockchain 200 for verification by theblockchain platform.

To add more resource data blocks for an additional resource, resourceoriginator environment 110 creates resource data block 210C to secureresource data for ResourceID_3 along with a component state array.Similarly, resource data block 242D is created by resource originatorenvironment 110 to store the resource data for ResourceID_4 and resourcedata block 242E is created to store the resource data for ResourceID_5.

Also, the pointer can be created with a null link that is updated topoint to a component state data block when the component is provisionedin the resource. For example, the resources originator entity can be anOEM manufacturer for a system that has n components, where some or allof the pointers are null links. When the resource originator entityprovisions a main controller board for the resource, it creates acomponent state data block that includes data regarding the maincontroller board and sets the corresponding pointer in the componentstate array to point to the component state data block. In someexamples, the component state array can also include definition orrequirement data that identifies the corresponding component andcharacteristics for the component, e.g. a main controller board with a 2GHz clock rate.

FIG. 2B is a data architecture diagram showing another illustrativeexample of a resource data blockchain 240 with links populated forcomponent state data blocks 252 provisioned for resources. Resource datablock 242A for resource ResourceID_1 includes pointer Ptr1-1 forComponent1 to component state data block 252A, pointer Ptr1-2 forComponent2 to component state data block 252B, and pointer Ptr1-3 forComponent3 to component state data block 252C. Component4, Component5and Component6 are not yet provisioned in ResourceID_1 and so have nullpointers.

Similarly, resource data block 242B for resource ResourceID_2 includespointer Ptr2-1 for Component1 to component state data block 252D andpointer Ptr2-2 for Component2 to component state data block 252E.Component3, Component4, Component5 and Component6 are not yetprovisioned in resource ResourceID_2 and so have null pointers.Likewise, resource data block 242C for resource ResourceID_3 includespointer Ptr3-1 for Component4 to component state data block 252F andpointer Ptr3-2 for Component6 to component state data block 252G.Component1, Compontent2, Component3, and Component5 are not yetprovisioned in resource ResourceID_2 and so have null pointers.

A component state data blockchain, such as blockchain 150 in FIG. 1enables component state data to be securely stored to maintain statedata for components in a resource as the components are updated over thefunctional lifetime of the resource. and distributed with use limitationunder the control of a resource originator entity. FIG. 2C is a dataarchitecture diagram showing a simplified illustrative example of theuse of a component state data blockchain for securely storing atraceable history of component state data for a component of a resource.

Component state data block 262A, in this example, illustrates an initialstate of component state data block when initially created by resourceoriginator environment 110. Component state data block 262A includes anidentifier for the component state data, e.g. ID(ComponentID1), anidentifier for the provider of the component, e.g. Provider(ProvID_1),and the component state data itself, e.g. State(state_1). For example,component state data block 262A can represent an initially provisionedvideo card, operating system, key or data library. In this example,provisioning of a component requires signatures from both the resourceoriginator ResourceID_1 and the provider ProviderID_1.

Component state data block 262B represents an update to the initialcomponent ComponentID1 represented by block 262A. Because the componentis being updated and not replaced, ID remains set to ComponentID1 andProvider remains set to ProviderID_1. State is set to state_2, whichrepresents and documents an update to ComponentID1. For example, anupdate to firmware on a video card, an update to an operating system, arotated key, or an updated library. Component state data block 262B islinked to block 262A and signed by the resource originator ResourceID_1and the provider ProviderID_1.

Component state data block 262C represents a replacement componentComponentID2 that replaces the initial component ComponentID1. Becausethe component is being replaced and not updated, ID is set toComponentID2 and Provider is set to ProviderID_2. State is set tostate_3, which represents and documents an initial state ofComponentID2. For example, ComponentID2 can be a replacement video card,a new operating system, or a new library. Component state data block262C is linked to block 262B and signed by the resource originatorResourceID_1 and the provider ProviderID_2.

Component state data block 262D represents an update to the replacementcomponent ComponentID2 represented by block 262C. Because the componentis being updated and not replaced, ID remains set to ComponentID2andProvider remains set to ProviderID_2. State is set to state _4, whichrepresents and documents an update to ComponentID2. Component state datablock 262B is linked to block 262D and signed by the resource originatorResourceID_1 and the provider ProviderID_2.

FIG. 3A is a data architecture diagram illustrating an example of dataflowing from resource provider and component provider entities in theexample of FIG. 2C. At 302, resource originator environment 110 createsresource data block 242A for resource ID_1 and signs block 242A. WhenProviderID_1 provisions Component1 of ResourceID_1 with componentComponentID1, ProviderID_1, utilizing client/server 120A, creates, at310, component state data block 262A with ID=ComponentID1,Provider=ProviderID_1, and State=state_1. Component1(Ptr) in resourcedata block 242A is set, at 303, to point to block 262A and, at 304,resource originator environment 110 signs block 262A, which is committedto component state data blockchain 260.

When ProviderID_1 updates Component1 using client/server 120A,ProviderID_1 creates and signs, at 312, component state data block 262Bwith ID=ComponentID1, Provider=ProviderID_1, and State=state_2, which issigned by the resource origination entity using environment 110, at 306.Component state data block 262B is linked to component state data block262A in component state data blockchain 260.

When ProviderID_2 replaces Component1 using client/server 120B,ProviderID_2 creates and signs, at 314, component state data block 262Cwith ID=ComponentID2, Provider=ProviderID_2, and State=state_3, which issigned by the resource origination entity using environment 110, at 307.Component state data block 262C is linked to component state data block262B in component state data blockchain 260.

When ProviderID_2 updates ComponentID2, ProviderID_2, usingclient/server 120A, creates and signs, at 312, component state datablock 262B with ID=ComponentID2, Provider= ProviderID_2, andState=state_4, which is signed by the resource origination entity usingenvironment 110, at 309. Component state data block 262D is linked tocomponent state data block 262C in component state data blockchain 260.

As illustrated in the example of component state data blockchain 260,the disclosed technology can be used to produce a component state datablockchain that can provide traceable, immutable state data pertainingto Component1 of ResourceID_1. The component state data permits an auditto be performed on Component1 that can identify changes made to thecomponent and who made the change to the component. If a date stamp isincluded in the component state data block, then the date of a componentchange can be established. Other data can be included in the componentstate data blocks that can be useful to in auditing or troubleshooting.In implementations that require the resource originator to sign thecomponent state data blocks 262, the resource originator can maintaincontrol over the component state data.

FIG. 3B is a data architecture diagram showing an illustrative exampleof a resource data block 342 that includes code for methods forinitializing components for the resource, updating the component to anew state, and tracing the history of component state data for thecomponent. The disclosed technology enables resource data and componentstate data to be securely stored and distributed on a blockchain. Theblockchain can be made widely accessible to users of the component statedata. The blockchain platform supporting the blockchain storing theresource data or component state data ensures the integrity of the dataand methods.

Scripts for initializing, updating and auditing component state data canbe secured by a resource data block 342 stored on a blockchain, such asresource data blockchain 140 of FIG. 1 , and executed by the operatingsystem of the decentralized, distributed blockchain platform. FIG. 3Billustrates an example of a resource data block 342 with code 354 thatprovides Initialize, Update and Audit scripts. Also shown is a process350 in a blockchain environment that creates a resource data block 342.An example of block state 352 defined for the resource data block 342 isalso shown.

In this example, the Initialize script is called by a resourceoriginator entity to initialize a resource data block with an array,where each element of the array corresponds to a component of theresource. At initialization, in this example, each element of the arrayhas a null component identifier, e.g. ID = NULL, a null pointer, e.g.comp.ptr = NULL, and a null state, e.g. state = NULL.

The example of FIG. 3B also shows an Update script, which is called by acomponent provider to add component state data to a component of theresource data block 342. In the example shown, the Update script iscalled to create a new component state data block with an identifier forthe component provider, a pointer to the component state data block, andnew state for the component. The Update script also obtains signaturesfrom the resource originator entity and the component provider entityfor the component state data block.

An Audit script can be utilized by an entity to trace a component’sstate history by tracing the component state data blocks in a blockchainand returning the state information from each block. For example, theAudit script may return the component identifier, component provider,component state and date from each component state data block in theblockchain for the component.

In an alternative implementation, the resource originator entity createsa resource data block with a pointer or link for each tracked componentanticipated for the resource. The resource originator entity alsocreates an initial component state data block for each tracked componentto which the pointer in the resource data block is directed.

When a component is provisioned in the resource, a new component statedata block is created with the component state data and linked to theinitial component state data block for the component. Each subsequentupdate or replacement action for the component involves the creation ofanother component state data block that is linked to the previouscomponent state data block in the blockchain.

Also note that some functionality, such as the Update method describedabove with regard to resource data block methods 354 can bealternatively implemented in the component state data blocks. Additionalfunctionality, such as functionality for controlling access to theresource and component state data or encryption or decryption of thedata, can be included in the resource data block methods or componentstate data blocks. It will be appreciated that the disclosed technologycan support many different implementations.

FIG. 4A is a control flow diagram showing an illustrative example of aprocess 400 for creating a resource data block for securely storingresource data on a blockchain in accordance with the disclosedtechnology. This example involves creating a resource data block, at402, that is owned by a resource originator for a resource and isinitialized with a resource identifier and a component pointer for eachcomponent in the resource. At 404, the resource data block created at402 is linked to a blockchain and, at 406, the block is ciphered andsigned by the resource originator entity to commit the block to the datablockchain, such as resource data blockchain 140 in FIG. 1 .

FIG. 4B is a control flow diagram showing an illustrative example of aprocess 410 for a component provider to call an Update method in theresource data block to add a component state data block with a componentidentifier and state for the component and set a pointer for thecomponent in the resource data block to point to the component statedata block. At 414, the component provider and the resource originatorsign the component state data block to validate the block and commit theblock to a blockchain, such as the component state data blockchain 150of FIG. 1 , blockchain 250 of FIG. 2C or FIG. 3A.

FIG. 4C is a control flow diagram showing an illustrative example of anAudit process 420 for tracing the component data blocks for a componentidentified in a resource data block. At 422, an Audit request isreceived from a caller, such as an entity invoking the Audit method inresource data block method 354 illustrated in FIG. 3B, with, in thisexample, a component slot number for the resource to which the resourcedata block pertains. In other examples, the resource data block maystore the component identifier values for the provisioned components ofa resource and the corresponding Audit method can be invoked with acomponent identifier value for a component for which the audit isrequested. A variety of approaches can be utilized that are consistentwith the disclosed technology.

At 424, the component data block pointer from the component slot in theresource data block is utilized to access the component state datablockchain for the component. At 426, the component identifier and statedata are obtained from a first component state data block in thecomponent state data blockchain, such as the blockchain 150 shown inFIG. 1 or the blockchain 260 shown in FIGS. 2C and 3A.

At 428, the link in the first component state data block to the nextcomponent state data blockchain is utilized to trace to the nextcomponent state data block. If the next component state data blockexists in the blockchain, then, at 430, control returns to 426 to returnthe component identifier and component state data from the nextcomponent state data block. The cycle is completed to obtain thecomponent state data for each block in the component state datablockchain for the component. When no more blocks remain in thecomponent state data blockchain, then control branches to 432 tocomplete the Audit process 420.

FIG. 4D is a control flow diagram illustrating an example of avalidation process 480 for blocks added to the resource data blockchainledger or component state data blockchain ledger implemented usinguntrusted blockchain nodes. In process 480, when a resource data block142 is created for resource data blockchain 140 or a component statedata block 152 is created for component state data blockchain 150 inFIG. 1 , the transaction is broadcast, at 482, to the cluster ofuntrusted nodes. At 484, nodes compete to compute a validation solutionfor the transaction. At 486, a winning node broadcasts the validationsolution for the resource data block or component state data block andadds the data block to its copy of the corresponding data blockchainledger, e.g. resource data blockchain 140 or component state datablockchain 150 in FIG. 1 .

At 488, in response to the winning node’s broadcast, the other nodes addthe resource data block or component state data block to their copies ofthe resource data blockchain ledger or component state data blockchainledger in the transaction order established by the winning node. Thedecentralized validation protocol can maintain the integrity,immutability and security of the resource data blockchain ledger orcomponent state data blockchain ledger.

It should be appreciated that the processes shown for examples and avariety of other approaches may be utilized without departing from thedisclosed technology.

Depending upon the scripting capabilities of the blockchain platform,the data blocks of the resource data blockchain or component state datablockchain may include more extensive code execution. For example, aresource component state data system that provides for shared access tothe component state data by multiple users may require more extensivecode execution capability in the blockchain than a component statesystem that limits access to a single user. Similarly, a component statesystem based on a component state data blockchain that decrypts thecomponent state data or utilizes information from third parties forverification may require more extensive code execution capability in theblockchain.

It should be appreciated that the utilization of blockchain technology,such as scripting technology within smart contracts, in this contextprovides a high degree of flexibility and variation in the configurationof implementations without departing from the teachings of the presentdisclosure.

Note that the disclosed technology may be applied to maintainingresource state data for a variety of types of resources and components.The technology may be applied to secure storage and distribution ofresource and component state data.

FIG. 5 is a data architecture diagram showing an illustrative example ofan interface for managing and accessing resource data and componentstate data for the resource as maintained in a resource data blockchain,such as blockchains 140 and 150 in FIG. 1 , blockchain 200 in FIG. 2A,blockchain 240 in FIG. 2B, or blockchain 260 in FIG. 3A. In thisexample, an Application Program Interface (API) 510 provides aninterface to the blockchain platform 520 that supports the resource datablockchain or component state data blockchain. The blockchain platform520 supports a smart contract 522, such as resource data block 342 inFIG. 3B, which includes scripts 524 with code that, when executed by theblockchain platform 520, performs operations with respect to theresource data and component state data blockchains.

In the example of FIG. 5 , three scripts are defined in smart contract522. The Initialize script 524A permits a resource originator entity toinitialize a resource data block for a resource to maintain componentstate data for components provisioned in the resource. The Update script524B provides for a component provider entity to create a componentstate data block on the blockchain that includes component state datafor a component provisioned in the resource. The Audit script is used totrace the component state data blocks stored in a component state datablockchain pertaining to a component in a resource to obtain the historyof the component in the resource.

In the example of FIG. 5 , a user of client/server 502, sends an Auditrequest 504 through a resource component state data API 510 to smartcontract 522 to invoke, at 526, the Audit script 524C. The Audit scripttraces the component state data blockchain for the component to obtainthe historical component state data for the component, which isreturned, at 506, to client/server 502.

Blockchain Ledger Data Structure

FIG. 6A is a data architecture diagram illustrating a simplified exampleof a blockchain ledger 600 based on the blocks 142A-E of the resourcedata blockchain 140 or blocks 152A-E of the component state datablockchain 150 of FIG. 1 . The blockchain ledger 600 example of FIG. 6Ais simplified to show block headers, metadata and signatures of blocks142A-E or blocks 152A-E in order to demonstrate a secure resourcecomponent state data ledger using a blockchain. In outline, a blockchainledger may be a globally shared transactional database.

FIG. 6A is an illustrative example of a blockchain ledger 600 with adata tree holding transaction data that is verified using cryptographictechniques. In FIG. 6A, each block 610 includes a block header 612 withinformation regarding previous and subsequent blocks and stores atransaction root node 614 to a data tree 620 holding transactional data.Transaction data may store smart contracts, data related totransactions, or any other data. The elements of smart contracts mayalso be stored within transaction nodes of the blocks.

In the example of FIG. 6A, a Merkle tree 620 is used tocryptographically secure the transaction data. For example, TransactionTx1 node 634A of data tree 620A of block 610A can be hashed to Hash1node 632A, Transaction Tx2 node 638A may be hashed to Hash2 node 636A.Hash1 node 632A and Hash2 node 636A may be hashed to Hash12 node 630A. Asimilar subtree may be formed to generate Hash34 node 640A. Hash12 node630A and Hash34 node 640A may be hashed to Transaction Root 614A hashsorted in the data block 610A. By using a Merkle tree, or any similardata structure, the integrity of the transactions may be checked byverifying the hash is correct.

FIG. 6B is a data architecture diagram showing an illustrative exampleof smart contract code, transactions and messages that are bundled intoa block so that their integrity is cryptographically secure and so thatthey may be appended to a blockchain ledger. In FIG. 6B, smart contracts642 are code that executes on a computer. More specifically, the code ofa smart contract may be stored in a blockchain ledger and executed bynodes of a distributed blockchain platform at a given time. The resultof the smart code execution may be stored in a blockchain ledger.Optionally, a currency may be expended as smart contract code isexecuted. In the example of FIG. 6B, smart contracts 642 are executed ina virtual machine environment, although this is optional.

In FIG. 6B, the aspects of smart contracts 642 are stored in transactiondata nodes in data tree 620 in the blocks 610 of the blockchain ledgerof FIG. 6A. In the example of FIG. 6B, Smart Contract 642A is stored indata block Tx1 node 634A of data tree 620A in block 610A, Smart Contract642B is stored in Tx2 node 638A, Contract Account 654 associated withSmart Contract 642B is stored in Tx3 node 644A, and External Account isstored in Tx4 node 648A.

Storage of Smart Contracts and Transaction Data in the Blockchain Ledger

To ensure the smart contracts are secure and generate secure data, theblockchain ledger must be kept up to date. For example, if a smartcontract is created, the code associated with a smart contract must bestored in a secure way. Similarly, when smart contract code executes andgenerates transaction data, the transaction data must be stored in asecure way.

In the example of FIG. 6B, two possible embodiments for maintenance ofthe blockchain ledger are shown. In one embodiment, untrusted minernodes (“miners”) 680 may be rewarded for solving a cryptographic puzzleand thereby be allowed to append a block to the blockchain.Alternatively, a set of trusted nodes 690 may be used to append the nextblock to the blockchain ledger. Nodes may execute smart contract code,and then one winning node may append the next block to a blockchainledger.

Though aspects of the technology disclosed herein resemble a smartcontract, in the present techniques, the policy of the contract maydetermine the way that the blockchain ledger is maintained. For example,the policy may require that the validation or authorization process forblocks on the ledger is determined by a centralized control of a clusterof trusted nodes. In this case, the centralized control may be a trustednode, such as resource originator environment 110, authorized to attestand sign the transaction blocks to validate them and validation byminers may not be needed.

Alternatively, the policy may provide for validation process decided bya decentralized cluster of untrusted nodes. In the situation where theblockchain ledger is distributed to a cluster of untrusted nodes, miningof blocks in the chain may be employed to validate the blockchainledger.

Blockchains may use various time-stamping schemes, such asproof-of-work, to serialize changes. Alternate consensus methods includeproof-of-stake, proof-of-burn, proof-of-research may also be utilized toserialize changes.

As noted above, in some examples, a blockchain ledger may be validatedby miners to secure the blockchain. In this case, miners maycollectively agree on a validation solution to be utilized. However, ifa small network is utilized, e.g. private network, then the solution maybe a Merkle tree and mining for the validation solution may not berequired. When a transaction block is created, e.g. a resource datablock 142 for resource data blockchain 140 or a component state datablock 152 for component state data blockchain 150, the block is anunconfirmed and unidentified entity. To be part of the acknowledged“currency”, it may be added to the blockchain, and therefore relates tothe concept of a trusted cluster.

In a trusted cluster, when a data block 142 or 152 is added, every nodecompetes to acknowledge the next “transaction” (e.g. a new resource dataor component state data block). In one example, the nodes compete tomine and get the lowest hash value: min{previous_hash, contents_hash,random_nonce_to_be_guessed} -> result. Transaction order is protected bythe computational race (faith that no one entity can beat the collectiveresources of the blockchain network). Mutual authentication parametersare broadcast and acknowledged to prevent double entries in theblockchain.

Alternatively, by broadcasting the meta-data for authenticating a secureledger across a restricted network, e.g. only the signed hash isbroadcast, the blockchain may reduce the risks that come with data beingheld centrally. Decentralized consensus makes blockchains suitable forthe recording of secure transactions or events. The meta-data, which maycontain information related to the data file, may also be ciphered forrestricted access so that the meta-data does not disclose informationpertaining to the data file.

The mining process, such as may be used in concert with the validationprocess 480 of FIG. 4D, may be utilized to deter double accounting,overriding or replaying attacks, with the community arrangement on theagreement based on the “good faith” that no single node can control theentire cluster. A working assumption for mining is the existence ofequivalent power distribution of honest parties with supremacy overdishonest or compromised ones. Every node or miner in a decentralizedsystem has a copy of the blockchain. No centralized “official” copyexists and no user is “trusted” more than any other. Transactions arebroadcast, at 482, to the network using software. Mining nodes compete,at 484, to compute a validation solution to validate transactions, andthen broadcast, at 486, the completed block validation to other nodes.Each node adds the block, at 488, to its copy of the blockchain withtransaction order established by the winning node.

Note that in a restricted network, stake-holders who are authorized tocheck or mine for the data file may or may not access the transactionblocks themselves, but would need to have keys to the meta-data (sincethey are members of the restricted network, and are trusted) to get thedetails. As keys are applied on data with different dataclassifications, the stake-holders can be segmented.

A decentralized blockchain may also use ad-hoc secure message passingand distributed networking. In this example, the component state datablockchain ledger may be different from a conventional blockchain inthat there is a centralized clearing house, e.g. authorized centralcontrol for validation. Without the mining process, the trusted clustercan be contained in a centralized blockchain instead of a public ordemocratic blockchain. One way to view this is that a decentralizedportion is as “democratic N honest parties” (multiparty honest party isa cryptography concept), and a centralized portion as a “trustedmonarchy for blockchain information correction”. For example, there maybe advantages to maintaining the data file as centrally authorized andkept offline.

In some examples, access to a resource and component state data on ablockchain can be restricted by cryptographic means to be only open toauthorized servers. Since the resource data or component state datablockchain ledgers are distributed, the authorized servers can validateit. A public key may be used as an address on a public blockchainledger.

Note that growth of a decentralized blockchain may be accompanied by therisk of node centralization because the computer resources required tooperate on bigger data become increasingly expensive.

The present techniques may involve operations occurring in one or moremachines. As used herein, “machine” means physical data-storage andprocessing hardware programed with instructions to perform specializedcomputing operations. It is to be understood that two or more differentmachines may share hardware components. For example, the same integratedcircuit may be part of two or more different machines.

One of ordinary skill in the art will recognize that a wide variety ofapproaches may be utilized and combined with the present approachinvolving a component state data blockchain ledger. The specificexamples of different aspects of a component state data blockchainledger described herein are illustrative and are not intended to limitthe scope of the techniques shown.

Smart Contracts

Smart contracts are defined by code. As described previously, the termsand conditions of the smart contract may be encoded (e.g., by hash) intoa blockchain ledger. Specifically, smart contracts may be compiled intoa bytecode (if executed in a virtual machine), and then the bytecode maybe stored in a blockchain ledger as described previously. Similarly,transaction data executed and generated by smart contracts may be storedin the blockchain ledger in the ways previously described.

Computer Architectures for Use of Smart Contracts and Blockchain Ledgers

Note that at least parts of processes 400, 410, 420, and 480 of FIGS.4A-D, the scripts of resource data block 242 of FIG. 3B, smart contract522 of FIG. 5 , smart contracts 642 of FIG. 6B, and other processes andoperations pertaining to resource data and component state datablockchain ledgers described herein may be implemented in one or moreservers, such as computer environment 800 in FIG. 8 , or the cloud, anddata defining the results of user control input signals translated orinterpreted as discussed herein may be communicated to a user device fordisplay. Alternatively, the component state data blockchain ledgerprocesses may be implemented in a client device. In still otherexamples, some operations may be implemented in one set of computingresources, such as servers, and other steps may be implemented in othercomputing resources, such as a client device.

It should be understood that the methods described herein can be endedat any time and need not be performed in their entireties. Some or alloperations of the methods described herein, and/or substantiallyequivalent operations, can be performed by execution ofcomputer-readable instructions included on a computer-storage media, asdefined below. The term “computer-readable instructions,” and variantsthereof, as used in the description and claims, is used expansivelyherein to include routines, applications, application modules, programmodules, programs, components, data structures, algorithms, and thelike. Computer-readable instructions can be implemented on varioussystem configurations, including single-processor or multiprocessorsystems, minicomputers, mainframe computers, personal computers,hand-held computing devices, microprocessor-based, programmable consumerelectronics, combinations thereof, and the like.

Thus, it should be appreciated that the logical operations describedherein are implemented (1) as a sequence of computer implemented acts orprogram modules running on a computing system and/or (2) asinterconnected machine logic circuits or circuit modules within thecomputing system. The implementation is a matter of choice dependent onthe performance and other requirements of the computing system.Accordingly, the logical operations described herein are referred tovariously as states, operations, structural devices, acts, or modules.These operations, structural devices, acts, and modules may beimplemented in software, in firmware, in special purpose digital logic,and any combination thereof.

As described herein, in conjunction with the FIGURES described herein,the operations of the routines (e.g. processes 400, 410, 420, and 480 ofFIGS. 4A-D, the scripts of resource data block 242 of FIG. 3B, smartcontract 522 of FIG. 5 , smart contracts 642 of FIG. 6B) are describedherein as being implemented, at least in part, by an application,component, and/or circuit. Although the following illustration refers tothe components of FIGS. 1, 3B, 4A-D, 5 and 6B, it can be appreciatedthat the operations of the routines may be also implemented in manyother ways. For example, the routines may be implemented, at least inpart, by a computer processor or a processor or processors of anothercomputer. In addition, one or more of the operations of the routines mayalternatively or additionally be implemented, at least in part, by acomputer working alone or in conjunction with other software modules.

For example, the operations of routines are described herein as beingimplemented, at least in part, by an application, component and/orcircuit, which are generically referred to herein as modules. In someconfigurations, the modules can be a dynamically linked library (DLL), astatically linked library, functionality produced by an applicationprograming interface (API), a compiled program, an interpreted program,a script or any other executable set of instructions. Data and/ormodules, such as the data and modules disclosed herein, can be stored ina data structure in one or more memory components. Data can be retrievedfrom the data structure by addressing links or references to the datastructure.

Although the following illustration refers to the components of theFIGURES discussed above, it can be appreciated that the operations ofthe routines (e.g. processes 400, 410, 420, and 480 of FIGS. 4A-D, thescripts of resource data block 242 of FIG. 3B, smart contract 522 ofFIG. 5 , smart contracts 642 of FIG. 6B) may be also implemented in manyother ways. For example, the routines may be implemented, at least inpart, by a processor of another remote computer or a local computer orcircuit. In addition, one or more of the operations of the routines mayalternatively or additionally be implemented, at least in part, by achipset working alone or in conjunction with other software modules. Anyservice, circuit or application suitable for providing the techniquesdisclosed herein can be used in operations described herein.

FIG. 7 shows additional details of an example computer architecture 700for a computer, such as the devices 110 and 120A-C (FIG. 1 ), capable ofexecuting the program components described herein. Thus, the computerarchitecture 700 illustrated in FIG. 7 illustrates an architecture for aserver computer, mobile phone, a PDA, a smart phone, a desktop computer,a netbook computer, a tablet computer, an on-board computer, a gameconsole, and/or a laptop computer. The computer architecture 700 may beutilized to execute any aspects of the software components presentedherein.

The computer architecture 700 illustrated in FIG. 7 includes a centralprocessing unit 702 (“CPU”), a system memory 704, including a randomaccess memory 706 (“RAM”) and a read-only memory (“ROM”) 708, and asystem bus 710 that couples the memory 704 to the CPU 702. A basicinput/output system containing the basic routines that help to transferinformation between sub-elements within the computer architecture 700,such as during startup, is stored in the ROM 708. The computerarchitecture 700 further includes a mass storage device 712 for storingan operating system 707, data (such as a copy of resource datablockchain data 720 or component state data blockchain data 722), andone or more application programs.

The mass storage device 712 is connected to the CPU 702 through a massstorage controller (not shown) connected to the bus 710. The massstorage device 712 and its associated computer-readable media providenon-volatile storage for the computer architecture 700. Although thedescription of computer-readable media contained herein refers to a massstorage device, such as a solid-state drive, a hard disk or CD-ROMdrive, it should be appreciated by those skilled in the art thatcomputer-readable media can be any available computer storage media orcommunication media that can be accessed by the computer architecture700.

Communication media includes computer readable instructions, datastructures, program modules, or other data in a modulated data signalsuch as a carrier wave or other transport mechanism and includes anydelivery media. The term “modulated data signal” means a signal that hasone or more of its characteristics changed or set in a manner so as toencode information in the signal. By way of example, and not limitation,communication media includes wired media such as a wired network ordirect-wired connection, and wireless media such as acoustic, RF,infrared and other wireless media. Combinations of any of the aboveshould also be included within the scope of computer-readable media.

By way of example, and not limitation, computer storage media mayinclude volatile and non-volatile, removable and non-removable mediaimplemented in any method or technology for storage of information suchas computer-readable instructions, data structures, program modules orother data. For example, computer media includes, but is not limited to,RAM, ROM, EPROM, EEPROM, flash memory or other solid state memorytechnology, CD-ROM, digital versatile disks (“DVD”), HD-DVD, BLU-RAY, orother optical storage, magnetic cassettes, magnetic tape, magnetic diskstorage or other magnetic storage devices, or any other medium which canbe used to store the desired information and which can be accessed bythe computer architecture 700. For purposes the claims, the phrase“computer storage medium,” “computer-readable storage medium” andvariations thereof, does not include waves, signals, and/or othertransitory and/or intangible communication media, per se.

According to various configurations, the computer architecture 700 mayoperate in a networked environment using logical connections to remotecomputers through the network 756 and/or another network (not shown).The computer architecture 700 may connect to the network 756 through anetwork interface unit 714 connected to the bus 710. It should beappreciated that the network interface unit 714 also may be utilized toconnect to other types of networks and remote computer systems. Thecomputer architecture 700 also may include an input/output controller716 for receiving and processing input from a number of other devices,including a keyboard, mouse, game controller, television remote orelectronic stylus (not shown in FIG. 7 ). Similarly, the input/outputcontroller 716 may provide output to a display screen, a printer, orother type of output device (also not shown in FIG. 7 ).

It should be appreciated that the software components described hereinmay, when loaded into the CPU 702 and executed, transform the CPU 702and the overall computer architecture 700 from a general-purposecomputing system into a special-purpose computing system customized tofacilitate the functionality presented herein. The CPU 702 may beconstructed from any number of transistors or other discrete circuitelements, which may individually or collectively assume any number ofstates. More specifically, the CPU 702 may operate as a finite-statemachine, in response to executable instructions contained within thesoftware modules disclosed herein. These computer-executableinstructions may transform the CPU 702 by specifying how the CPU 702transitions between states, thereby transforming the transistors orother discrete hardware elements constituting the CPU 702.

Encoding the software modules presented herein also may transform thephysical structure of the computer-readable media presented herein. Thespecific transformation of physical structure may depend on variousfactors, in different implementations of this description. Examples ofsuch factors may include, but are not limited to, the technology used toimplement the computer-readable media, whether the computer-readablemedia is characterized as primary or secondary storage, and the like.For example, if the computer-readable media is implemented assemiconductor-based memory, the software disclosed herein may be encodedon the computer-readable media by transforming the physical state of thesemiconductor memory. For example, the software may transform the stateof transistors, capacitors, or other discrete circuit elementsconstituting the semiconductor memory. The software also may transformthe physical state of such components in order to store data thereupon.

As another example, the computer-readable media disclosed herein may beimplemented using magnetic or optical technology. In suchimplementations, the software presented herein may transform thephysical state of magnetic or optical media, when the software isencoded therein. These transformations may include altering the magneticcharacteristics of particular locations within given magnetic media.These transformations also may include altering the physical features orcharacteristics of particular locations within given optical media, tochange the optical characteristics of those locations. Othertransformations of physical media are possible without departing fromthe scope and spirit of the present description, with the foregoingexamples provided only to facilitate this discussion.

In light of the above, it should be appreciated that many types ofphysical transformations take place in the computer architecture 700 inorder to store and execute the software components presented herein. Italso should be appreciated that the computer architecture 700 mayinclude other types of computing devices, including hand-held computers,embedded computer systems, personal digital assistants, and other typesof computing devices known to those skilled in the art. It is alsocontemplated that the computer architecture 700 may not include all ofthe components shown in FIG. 7 , may include other components that arenot explicitly shown in FIG. 7 , or may utilize an architecturecompletely different than that shown in FIG. 7 .

FIG. 8 depicts an illustrative distributed computing environment 800capable of executing the software components described herein for acomponent state data blockchain ledger. Thus, the distributed computingenvironment 800 illustrated in FIG. 8 can be utilized to execute manyaspects of the software components presented herein. For example, thedistributed computing environment 800 can be utilized to execute one ormore aspects of the software components described herein. Also, thedistributed computing environment 800 may represent components of thedistributed blockchain platform discussed above.

According to various implementations, the distributed computingenvironment 800 includes a computing environment 802 operating on, incommunication with, or as part of the network 804. The network 804 maybe or may include the network 556, described above. The network 804 alsocan include various access networks. One or more client devices806A-806N (hereinafter referred to collectively and/or generically as“clients 806”) can communicate with the computing environment 802 viathe network 804 and/or other connections (not illustrated in FIG. 8 ).In one illustrated configuration, the clients 806 include a computingdevice 806A, such as a laptop computer, a desktop computer, or othercomputing device; a slate or tablet computing device (“tablet computingdevice”) 806B; a mobile computing device 806C such as a mobiletelephone, a smart phone, an on-board computer, or other mobilecomputing device; a server computer 806D; and/or other devices 806N,which can include a hardware security module. It should be understoodthat any number of devices 806 can communicate with the computingenvironment 802. Two example computing architectures for the devices 806are illustrated and described herein with reference to FIGS. 7 and 8 .It should be understood that the illustrated devices 806 and computingarchitectures illustrated and described herein are illustrative only andshould not be construed as being limited in any way.

In the illustrated configuration, the computing environment 802 includesapplication servers 808, data storage 810, and one or more networkinterfaces 812. According to various implementations, the functionalityof the application servers 808 can be provided by one or more servercomputers that are executing as part of, or in communication with, thenetwork 804. The application servers 808 can host various services,virtual machines, portals, and/or other resources. In the illustratedconfiguration, the application servers 808 host one or more virtualmachines 814 for hosting applications or other functionality. Accordingto various implementations, the virtual machines 814 host one or moreapplications and/or software modules for a data management blockchainledger. It should be understood that this configuration is illustrativeonly and should not be construed as being limiting in any way.

According to various implementations, the application servers 808 alsoinclude one or more resource data management services 820 and one ormore blockchain services 822. The resource data management services 820can include services for managing resource data on a resource datablockchain, such as resource data blockchain 140 in FIG. 1 . Thecomponent state data management services 823 can include services formanaging component state data for a resource on a component state datablockchain, such as component state data blockchain 150 in FIG. 1 . Theblockchain services 822 can include services for participating inmanagement of one or more blockchains, such as by creating genesisblocks, resource data or component state data blocks, and performingvalidation.

As shown in FIG. 8 , the application servers 808 also can host otherservices, applications, portals, and/or other resources (“otherresources”) 824. The other resources 824 can include, but are notlimited to, data encryption, data sharing, or any other functionality.

As mentioned above, the computing environment 802 can include datastorage 810. According to various implementations, the functionality ofthe data storage 810 is provided by one or more databases or data storesoperating on, or in communication with, the network 804. Thefunctionality of the data storage 810 also can be provided by one ormore server computers configured to host data for the computingenvironment 802. The data storage 810 can include, host, or provide oneor more real or virtual data stores 826A-826N (hereinafter referred tocollectively and/or generically as “datastores 826”). The datastores 826are configured to host data used or created by the application servers808 and/or other data. Aspects of the datastores 826 may be associatedwith services for a component state data blockchain. Although notillustrated in FIG. 8 , the datastores 826 also can host or store webpage documents, word documents, presentation documents, data structures,algorithms for execution by a recommendation engine, and/or other datautilized by any application program or another module.

The computing environment 802 can communicate with, or be accessed by,the network interfaces 812. The network interfaces 812 can includevarious types of network hardware and software for supportingcommunications between two or more computing devices including, but notlimited to, the clients 806 and the application servers 808. It shouldbe appreciated that the network interfaces 812 also may be utilized toconnect to other types of networks and/or computer systems.

It should be understood that the distributed computing environment 800described herein can provide any aspects of the software elementsdescribed herein with any number of virtual computing resources and/orother distributed computing functionality that can be configured toexecute any aspects of the software components disclosed herein.According to various implementations of the concepts and technologiesdisclosed herein, the distributed computing environment 800 may providethe software functionality described herein as a service to the clientsusing devices 806. It should be understood that the devices 806 caninclude real or virtual machines including, but not limited to, servercomputers, web servers, personal computers, mobile computing devices,smart phones, and/or other devices, which can include user inputdevices. As such, various configurations of the concepts andtechnologies disclosed herein enable any device configured to access thedistributed computing environment 800 to utilize the functionalitydescribed herein for creating and supporting a component state datablockchain ledger, among other aspects.

Turning now to FIG. 9 , an illustrative computing device architecture900 for a computing device that is capable of executing various softwarecomponents is described herein for a component state data blockchainledger. The computing device architecture 900 is applicable to computingdevices that can manage a component state data blockchain ledger. Insome configurations, the computing devices include, but are not limitedto, mobile telephones, on-board computers, tablet devices, slatedevices, portable video game devices, traditional desktop computers,portable computers (e.g., laptops, notebooks, ultra-portables, andnetbooks), server computers, game consoles, and other computer systems.The computing device architecture 900 is applicable to the resourceoriginator environment 110, client/servers 120A-C and blockchainplatform 130 shown in FIG. 1 and computing device 806A-N shown in FIG. 8.

The computing device architecture 900 illustrated in FIG. 9 includes aprocessor 902, memory components 904, network connectivity components906, sensor components 908, input/output components 910, and powercomponents 912. In the illustrated configuration, the processor 902 isin communication with the memory components 904, the networkconnectivity components 906, the sensor components 908, the input/output(“I/O”) components 910, and the power components 912. Although noconnections are shown between the individual components illustrated inFIG. 9 , the components can interact to carry out device functions. Insome configurations, the components are arranged so as to communicatevia one or more busses (not shown).

The processor 902 includes a central processing unit (“CPU”) configuredto process data, execute computer-executable instructions of one or moreapplication programs, and communicate with other components of thecomputing device architecture 900 in order to perform variousfunctionality described herein. The processor 902 may be utilized toexecute aspects of the software components presented herein and,particularly, those that utilize, at least in part, secure data.

In some configurations, the processor 902 includes a graphics processingunit (“GPU”) configured to accelerate operations performed by the CPU,including, but not limited to, operations performed by executing securecomputing applications, general-purpose scientific and/or engineeringcomputing applications, as well as graphics-intensive computingapplications such as high resolution video (e.g., 620P, 1080P, andhigher resolution), video games, three-dimensional (“3D”) modelingapplications, and the like. In some configurations, the processor 902 isconfigured to communicate with a discrete GPU (not shown). In any case,the CPU and GPU may be configured in accordance with a co-processingCPU/GPU computing model, wherein a sequential part of an applicationexecutes on the CPU and a computationally-intensive part is acceleratedby the GPU.

In some configurations, the processor 902 is, or is included in, asystem-on-chip (“SoC”) along with one or more of the other componentsdescribed herein below. For example, the SoC may include the processor902, a GPU, one or more of the network connectivity components 906, andone or more of the sensor components 908. In some configurations, theprocessor 902 is fabricated, in part, utilizing a package-on-package(“PoP”) integrated circuit packaging technique. The processor 902 may bea single core or multi-core processor.

The processor 902 may be created in accordance with an ARM architecture,available for license from ARM HOLDINGS of Cambridge, United Kingdom.Alternatively, the processor 902 may be created in accordance with anx86 architecture, such as is available from INTEL CORPORATION ofMountain View, California and others. In some configurations, theprocessor 902 is a SNAPDRAGON SoC, available from QUALCOMM of San Diego,California, a TEGRA SoC, available from NVIDIA of Santa Clara,California, a HUMMINGBIRD SoC, available from SAMSUNG of Seoul, SouthKorea, an Open Multimedia Application Platform (“OMAP”) SoC, availablefrom TEXAS INSTRUMENTS of Dallas, Texas, a customized version of any ofthe above SoCs, or a proprietary SoC.

The memory components 904 include a random access memory (“RAM”) 914, aread-only memory (“ROM”) 916, an integrated storage memory (“integratedstorage”) 918, and a removable storage memory (“removable storage”) 920.In some configurations, the RAM 914 or a portion thereof, the ROM 916 ora portion thereof, and/or some combination of the RAM 914 and the ROM916 is integrated in the processor 902. In some configurations, the ROM916 is configured to store a firmware, an operating system or a portionthereof (e.g., operating system kernel), and/or a bootloader to load anoperating system kernel from the integrated storage 918 and/or theremovable storage 920.

The integrated storage 918 can include a solid-state memory, a harddisk, or a combination of solid-state memory and a hard disk. Theintegrated storage 918 may be soldered or otherwise connected to a logicboard upon which the processor 902 and other components described hereinalso may be connected. As such, the integrated storage 918 is integratedin the computing device. The integrated storage 918 is configured tostore an operating system or portions thereof, application programs,data, and other software components described herein.

The removable storage 920 can include a solid-state memory, a hard disk,or a combination of solid-state memory and a hard disk. In someconfigurations, the removable storage 920 is provided in lieu of theintegrated storage 918. In other configurations, the removable storage920 is provided as additional optional storage. In some configurations,the removable storage 920 is logically combined with the integratedstorage 918 such that the total available storage is made available as atotal combined storage capacity. In some configurations, the totalcombined capacity of the integrated storage 918 and the removablestorage 920 is shown to a user instead of separate storage capacitiesfor the integrated storage 918 and the removable storage 920.

The removable storage 920 is configured to be inserted into a removablestorage memory slot (not shown) or other mechanism by which theremovable storage 920 is inserted and secured to facilitate a connectionover which the removable storage 920 can communicate with othercomponents of the computing device, such as the processor 902. Theremovable storage 920 may be embodied in various memory card formatsincluding, but not limited to, PC card, CompactFlash card, memory stick,secure digital (“SD”), miniSD, microSD, universal integrated circuitcard (“UICC”) (e.g., a subscriber identity module (“SIM”) or universalSIM (“USIM”)), a proprietary format, or the like.

It can be understood that one or more of the memory components 904 canstore an operating system. According to various configurations, theoperating system may include, but is not limited to, server operatingsystems such as various forms of UNIX certified by The Open Group andLINUX certified by the Free Software Foundation, or aspects ofSoftware-as-a-Service (SaaS) architectures, such as MICROSFT AZURE fromMicrosoft Corporation of Redmond, Washington or AWS from AmazonCorporation of Seattle, Washington. The operating system may alsoinclude WINDOWS MOBILE OS from Microsoft Corporation of Redmond,Washington, WINDOWS PHONE OS from Microsoft Corporation, WINDOWS fromMicrosoft Corporation, MAC OS or IOS from Apple Inc. of Cupertino,California, and ANDROID OS from Google Inc. of Mountain View,California. Other operating systems are contemplated.

The network connectivity components 906 include a wireless wide areanetwork component (“WWAN component”) 922, a wireless local area networkcomponent (“WLAN component”) 924, and a wireless personal area networkcomponent (“WPAN component”) 926. The network connectivity components906 facilitate communications to and from the network 956 or anothernetwork, which may be a WWAN, a WLAN, or a WPAN. Although only thenetwork 956 is illustrated, the network connectivity components 906 mayfacilitate simultaneous communication with multiple networks, includingthe network 956 of FIG. 9 . For example, the network connectivitycomponents 906 may facilitate simultaneous communications with multiplenetworks via one or more of a WWAN, a WLAN, or a WPAN.

The network 956 may be or may include a WWAN, such as a mobiletelecommunications network utilizing one or more mobiletelecommunications technologies to provide voice and/or data services toa computing device utilizing the computing device architecture 900 viathe WWAN component 922. The mobile telecommunications technologies caninclude, but are not limited to, Global System for Mobile communications(“GSM”), Code Division Multiple Access (“CDMA”) ONE, CDMA7000, UniversalMobile Telecommunications System (“UMTS”), Long Term Evolution (“LTE”),and Worldwide Interoperability for Microwave Access (“WiMAX”). Moreover,the network 956 may utilize various channel access methods (which may ormay not be used by the aforementioned standards) including, but notlimited to, Time Division Multiple Access (“TDMA”), Frequency DivisionMultiple Access (“FDMA”), CDMA, wideband CDMA (“W-CDMA”), OrthogonalFrequency Division Multiplexing (“OFDM”), Space Division Multiple Access(“SDMA”), and the like. Data communications may be provided usingGeneral Packet Radio Service (“GPRS”), Enhanced Data rates for GlobalEvolution (“EDGE”), the High-Speed Packet Access (“HSPA”) protocolfamily including High-Speed Downlink Packet Access (“HSDPA”), EnhancedUplink (“EUL”) or otherwise termed High-Speed Uplink Packet Access(“HSUPA”), Evolved HSPA (“HSPA+”), LTE, and various other current andfuture wireless data access standards. The network 956 may be configuredto provide voice and/or data communications with any combination of theabove technologies. The network 956 may be configured to or be adaptedto provide voice and/or data communications in accordance with futuregeneration technologies.

In some configurations, the WWAN component 922 is configured to providedual-multi-mode connectivity to the network 956. For example, the WWANcomponent 922 may be configured to provide connectivity to the network956, wherein the network 956 provides service via GSM and UMTStechnologies, or via some other combination of technologies.Alternatively, multiple WWAN components 922 may be utilized to performsuch functionality, and/or provide additional functionality to supportother non-compatible technologies (i.e., incapable of being supported bya single WWAN component). The WWAN component 922 may facilitate similarconnectivity to multiple networks (e.g., a UMTS network and an LTEnetwork).

The network 956 may be a WLAN operating in accordance with one or moreInstitute of Electrical and Electronic Engineers (“IEEE”) 802.11standards, such as IEEE 802.11a, 802.11b, 802.11g, 802.11n, and/orfuture 802.11 standard (referred to herein collectively as WI-FI). Draft802.11 standards are also contemplated. In some configurations, the WLANis implemented utilizing one or more wireless WI-FI access points. Insome configurations, one or more of the wireless WI-FI access points areanother computing device with connectivity to a WWAN that arefunctioning as a WI-FI hotspot. The WLAN component 924 is configured toconnect to the network 956 via the WI-FI access points. Such connectionsmay be secured via various encryption technologies including, but notlimited to, WI-FI Protected Access (“WPA”), WPA2, Wired EquivalentPrivacy (“WEP”), and the like.

The network 956 may be a WPAN operating in accordance with Infrared DataAssociation (“IrDA”), BLUETOOTH, wireless Universal Serial Bus (“USB”),Z-Wave, ZIGBEE, or some other short-range wireless technology. In someconfigurations, the WPAN component 926 is configured to facilitatecommunications with other devices, such as peripherals, computers, orother computing devices via the WPAN.

The sensor components 908 include a magnetometer 928, an ambient lightsensor 930, a proximity sensor 932, an accelerometer 934, a gyroscope936, and a Global Positioning System sensor (“GPS sensor”) 938. It iscontemplated that other sensors, such as, but not limited to,temperature sensors or shock detection sensors, also may be incorporatedin the computing device architecture 900.

The I/O components 910 include a display 940, a touchscreen 942, a dataI/O interface component (“data I/O”) 944, an audio I/O interfacecomponent (“audio I/O”) 946, a video I/O interface component (“videoI/O”) 948, and a camera 950. In some configurations, the display 940 andthe touchscreen 942 are combined. In some configurations two or more ofthe data I/O component 944, the audio I/O component 946, and the videoI/O component 948 are combined. The I/O components 910 may includediscrete processors configured to support the various interfacesdescribed below or may include processing functionality built-in to theprocessor 902.

The illustrated power components 912 include one or more batteries 952,which can be connected to a battery gauge 954. The batteries 952 may berechargeable or disposable. Rechargeable battery types include, but arenot limited to, lithium polymer, lithium ion, nickel cadmium, and nickelmetal hydride. Each of the batteries 952 may be made of one or morecells.

The power components 912 may also include a power connector, which maybe combined with one or more of the aforementioned I/O components 910.The power components 912 may interface with an external power system orcharging equipment via an I/O component.

Examples of Various Implementations

In closing, although the various configurations have been described inlanguage specific to structural features and/or methodological acts, itis to be understood that the subject matter defined in the appendedrepresentations is not necessarily limited to the specific features oracts described. Rather, the specific features and acts are disclosed asexample forms of implementing the claimed subject matter.

The present disclosure is made in light of the following clauses:

Clause 1: A computer-implemented method for storing component state datafor components of a resource, the method comprising: generating aresource data block that corresponds to a resource, where the resourcedata includes one or more links and each link corresponds to one of oneor more components of the resource; generating a first component statedata block for a first component of the resource on a blockchain, thefirst component state data block for the first component including firststate data corresponding to the first component; and setting the linkthat corresponds to the first component to reference the first componentstate data block.

Clause 2. The computer-implemented method of Clause 1, where: the stepof generating a resource data block that corresponds to a resourcecomprises generating a resource data block that corresponds to aresource by a resource originator entity; and the step of generating afirst component state data block for a first component of the resourceon a blockchain includes requiring the first component state data blockto be signed by the resource originator entity.

Clause 3. The computer-implemented method of Clause 1, the methodincluding: generating a second component state block for the firstcomponent, the second component state block for the first componentincluding second state data corresponding to the first component; andlinking the second component state data block to the first componentstate data block.

Clause 4. The computer-implemented method of Clause 3, where: the stepof generating a resource data block that corresponds to a resourcecomprises generating a resource data block that corresponds to aresource by a resource originator entity; the step of generating asecond component state data block for the first component comprisesgenerating the second component state block for the first component by acomponent provider entity; and the method includes requiring the secondcomponent state data block to be signed by the resource originatorentity and the component provider entity.

Clause 5. The computer-implemented method of Clause 1, the methodincluding: generating a second component state data block for a secondcomponent on the blockchain, the second component state data block forthe second component including first state data for the secondcomponent; and setting the link in the resource data block thatcorresponds to the second component to reference the first componentstate data block for the second component on the blockchain.

Clause 6. The computer-implemented method of Clause 1, where: the stepof generating a resource data block that corresponds to a resource,where the resource data includes one or more links and each linkcorresponds to one of one or more components of the resource includes:generating a null component state data block for each of the one or morecomponents of the resource, and for each one of the one or morecomponents, setting the link that corresponds to the component toreference the null component state data block for the component; and thestep of setting the link that corresponds to the first component toreference the first component state data block comprises linking thefirst component state data block to the null component state data blockfor the first component.

Clause 7. The computer-implemented method of Clause 1, where at leastone of: the resource comprises a system and the first componentcomprises a sub-component of the system; the resource comprises aservice and the first component comprises a component of the service;the resource comprises a database and first component comprises a subsetof data; the resource comprises an operating system and the firstcomponent comprises one of a library, a management subsystem and adevice driver; and the resource comprises an application and the firstcomponent comprises an update to the application.

Clause 8. A system for storing component state data on a blockchain, thesystem comprising: one or more processors; and one or more memorydevices in communication with the one or more processors, the memorydevices having computer-readable instructions stored thereupon that,when executed by the processors, cause the processors to perform amethod for storing component state data for components of a resource,the method comprising: generating a resource data block that correspondsto a resource, where the resource data includes one or more links andeach link corresponds to one of one or more components of the resource;generating a first component state data block for a first component ofthe resource on a blockchain, the first component state data block forthe first component including first state data corresponding to thefirst component; and setting the link that corresponds to the firstcomponent to reference the first component state data block.

Clause 9. The system of Clause 8, where: the step of generating aresource data block that corresponds to a resource comprises generatinga resource data block that corresponds to a resource by a first entity;and the step of generating a first component state data block for afirst component of the resource on a blockchain includes requiring thefirst component state data block to be signed by the first entity.

Clause 10. The system of Clause 8, the method including: generating asecond component state block for the first component, the secondcomponent state block for the first component including second statedata corresponding to the first component; and linking the secondcomponent state data block to the first component state data block.

Clause 11. The system of Clause 10, where: the step of generating aresource data block that corresponds to a resource comprises generatinga resource data block that corresponds to a resource by a first entity;the step of generating a second component state data block for the firstcomponent comprises generating the second component state block for thefirst component by a second entity; and the method includes requiringthe second component state data block to be signed by the first entityand the second entity.

Clause 12. The system of Clause 8, the method including: generating asecond component state data block for a second component on theblockchain, the second component state data block for the secondcomponent including first state data for the second component; andsetting the link in the resource data block that corresponds to thesecond component to reference the first component state data block forthe second component on the blockchain.

Clause 13. The system of Clause 8, where: the step of generating aresource data block that corresponds to a resource, where the resourcedata includes one or more links and each link corresponds to one of oneor more components of the resource includes: generating a null componentstate data block for each of the one or more components of the resource,and for each one of the one or more components, setting the link thatcorresponds to the component to reference the null component state datablock for the component; and the step of setting the link thatcorresponds to the first component to reference the first componentstate data block comprises linking the first component state data blockto the null component state data block for the first component.

Clause 14. The system of Clause 8, where the method includes: receivingan audit request for a requested component of the resource; andresponsive to the audit request: using the link corresponding to therequested component to trace the component state data blockscorresponding to the requested component; and returning the componentstate data in the component state data blocks corresponding to therequested component.

Clause 15. One or more computer storage media having computer executableinstructions stored thereon which, when executed by one or moreprocessors, cause the processors to execute a method for storingcomponent state data for components of a resource, the methodcomprising: generating a resource data block that corresponds to aresource, where the resource data includes one or more links and eachlink corresponds to one of one or more components of the resource;generating a first component state data block for a first component ofthe resource on a blockchain, the first component state data block forthe first component including first state data corresponding to thefirst component; and setting the link that corresponds to the firstcomponent to reference the first component state data block.

Clause 16. The computer storage media of Clause 15, where: the step ofgenerating a resource data block that corresponds to a resourcecomprises generating a resource data block that corresponds to aresource by a first entity; and the step of generating a first componentstate data block for a first component of the resource on a blockchainincludes requiring the first component state data block to be signed bythe first entity.

Clause 17. The computer storage media of Clause 16, the methodincluding: generating a second component state block for the firstcomponent, the second component state block for the first componentincluding second state data corresponding to the first component; andlinking the second component state data block to the first componentstate data block.

Clause 18. The computer storage media of Clause 15, where: the step ofgenerating a resource data block that corresponds to a resourcecomprises generating a resource data block that corresponds to aresource by a first entity; the step of generating a second componentstate data block for the first component comprises generating the secondcomponent state block for the first component by a second entity; andthe method includes requiring the second component state data block tobe signed by the first entity and the second entity.

Clause 19. The computer storage media of Clause 15, the methodincluding: generating a second component state data block for a secondcomponent on the blockchain, the second component state data block forthe second component including first state data for the secondcomponent; and setting the link in the resource data block thatcorresponds to the second component to reference the first componentstate data block for the second component on the blockchain.

Clause 20. The computer storage media of Clause 15, where: the step ofgenerating a resource data block that corresponds to a resource, wherethe resource data includes one or more links and each link correspondsto one of one or more components of the resource includes: generating anull component state data block for each of the one or more componentsof the resource, and for each one of the one or more components, settingthe link that corresponds to the component to reference the nullcomponent state data block for the component; and the step of settingthe link that corresponds to the first component to reference the firstcomponent state data block comprises linking the first component statedata block to the null component state data block for the firstcomponent.

Although the subject matter presented herein has been described inlanguage specific to computer structural features, methodological andtransformative acts, specific computing machinery, and computer readablemedia, it is to be understood that the subject matter set forth in theappended claims is not necessarily limited to the specific features,acts, or media described herein. Rather, the specific features, acts andmediums are disclosed as example forms of implementing the claimedsubject matter.

The subject matter described above is provided by way of illustrationonly and should not be construed as limiting. Various modifications andchanges can be made to the subject matter described herein withoutfollowing the example configurations and applications illustrated anddescribed, and without departing from the scope of the presentdisclosure, which is set forth in the following claims.

What is claimed is:
 1. A computer-implemented method comprising: generating a resource data block for a resource having a plurality of components, the resource data block including a first link to a first component data block, the first component data block corresponding to a first component of the plurality of components for the resource; and committing the resource data block to a blockchain.
 2. The computer-implemented method of claim 1, wherein the first component data block is committed to a second blockchain.
 3. The computer-implemented method of claim 1, wherein the first component data block is a null component data block for the first component; and wherein a second component data block is linked to the first component data block, the second component data block storing data for the first component.
 4. The computer-implemented method of claim 1, wherein the resource data block and the first component data block are signed by a resource originator entity.
 5. The computer-implemented method of claim 1, wherein the resource data block includes a second link to a second component data block, the second component data block corresponding to a second component of the plurality of components for the resource.
 6. The computer-implemented method of claim 5, wherein the first component data block and the second component data block are committed to the blockchain.
 7. The computer-implemented method of claim 1, wherein the method further comprises: generating a second component data block, the second component data block including updated data corresponding to the first component; and linking the second component data block to the first component data block.
 8. One or more computer storage media storing computer-useable instructions that, when used by a computing device, cause the computing device to perform operations, the operations comprising: generating a resource data block for a resource having a plurality of components, the resource data block including a first link to a first component data block, the first component data block corresponding to a first component of the plurality of components for the resource; and committing the resource data block to a blockchain.
 9. The one or more computer storage media of claim 8, wherein the first component data block is committed to a second blockchain.
 10. The one or more computer storage media of claim 8, wherein the first component data block is a null component data block for the first component; and wherein a second component data block is linked to the first component data block, the second component data block storing data for the first component.
 11. The one or more computer storage media of claim 8, wherein the resource data block and the first component data block are signed by a resource originator entity.
 12. The one or more computer storage media of claim 8, wherein the resource data block includes a second link to a second component data block, the second component data block corresponding to a second component of the plurality of components for the resource.
 13. The one or more computer storage media of claim 12, wherein the first component data block and the second component data block are committed to the blockchain.
 14. The one or more computer storage media of claim 8, wherein the operations further comprise: generating a second component data block, the second component data block including updated data corresponding to the first component; and linking the second component data block to the first component data block.
 15. A computer system comprising: a processor; and a computer storage medium storing computer-useable instructions that, when used by the processor, causes the computer system to perform operations comprising: generating a resource data block for a resource having a plurality of components, the resource data block including a first link to a first component data block, the first component data block corresponding to a first component of the plurality of components for the resource; and committing the resource data block to a blockchain.
 16. The computer system of claim 15, wherein the first component data block is committed to a second blockchain.
 17. The computer system of claim 15, wherein the first component data block is a null component data block for the first component; and wherein a second component data block is linked to the first component data block, the second component data block storing data for the first component.
 18. The computer system of claim 15, wherein the resource data block includes a second link to a second component data block, the second component data block corresponding to a second component of the plurality of components for the resource.
 19. The computer system of claim 18, wherein the first component data block and the second component data block are committed to the blockchain.
 20. The computer system of claim 15, wherein the operations further comprise: generating a second component data block, the second component data block including updated data corresponding to the first component; and linking the second component data block to the first component data block. 